Task 1. "Apache Security" - This covers a multitude of sins; especially once you start to drag in PHP. This needs a lot of amplification, and if I get time, I'll revisit it. How about "applying for and installing an SSL certificate"?

Task 2. "BIND Security" - Ditto. This needs to be re-written in terms of "allow-query", "allow-transfer", etc. Do we want to cover TSIGs? How about split DNS configuration for DMZ firewalls?

Task 3 - .htaccess files - Ah, now we're getting to the detail of Apache security. Many/most systems run with AllowOverride set to none, these days, since reading a chain of .htaccess files kills performance. We need to cover allow, deny and order directives in the httpd.conf file as well as .htaccess files.

Task 4 - Authentication - Needs to be defined more tightly. Authentication alone can be done using mod_auth, mod_auth_dbm, mod_auth_pam, mod_auth_ldap (for Apache 2.x) and doubtless a bunch of others. Where do we stop?

Task 8 - "chrooted applications" - Should really be "configure BIND to run in a chrooted environment" or something specific. There are lots of twists to running applications in general in a chroot jail.

Also, we have nothing about database (MySQL, PostgreSQL) security here.

Best,

--- Les Bell, RHCE, CISSP
[http://www.lesbell.com.au]

_______________________________________________
lpi-examdev mailing list
[EMAIL PROTECTED]
http://list.lpi.org/mailman/listinfo/lpi-examdev
